Identification, Verification, and Authentication Scoring

ABSTRACT

Systems and methods are provided for responding to a communication received from an individual. An identification score may be obtained for the communication that indicates the likelihood that a claimed identity of the individual is the actual identity of the individual. A verification score for the communication may also be obtained that indicates the likelihood a purported source of the communication is the actual source of the communication. An authentication score for the communication may additionally be obtained that indicates the likelihood the individual has been authenticated. An overall score for the communication may be generated and based on the identification score, verification score, and authentication score. A response to the communication may thus be determined based on the overall score. The response may be a grant or denial of access to one or more services requested by the individual through the communication.

TECHNICAL FIELD

The present invention generally relates to identification andauthentication of an individual and particularly relates to determiningidentification

BACKGROUND

For the convenience of its customers, banking institutions may provideaccess to bank accounts and other banking services over the phone orthrough the Internet. In order to preserve the security of bank accountinformation, customer information, and other secured information,banking institutions are dedicated to ensuring only authorizedindividuals can access such information. Therefore, banking institutionsmay welcome improved approaches to determining whether to grant accessto banking systems and services that are both convenient and secure.

SUMMARY

The following presents a simplified summary of various aspects describedherein. This summary is not an extensive overview, and is not intendedto identify key or critical elements or to delineate the scope of theclaims. The following summary merely presents some concepts in asimplified form as an introductory prelude to the more detaileddescription provided below.

A first aspect described herein provides a method for responding to acommunication from an individual. A communication may be received froman individual, and an identification score may be obtained for thecommunication. The identification score may indicate the likelihood thata claimed identity of the individual is the actual identity of theindividual. A verification score for the communication may also beobtained. The verification score may indicate the likelihood that apurported source of the communication is the actual source of thecommunication. An authentication score for the communication mayadditionally be obtained. The authentication score may indicate thelikelihood that the individual has been authenticated. An overall scorefor the communication may be generated. The overall score may be basedon the identification score, the verification score, and theauthentication score. A response to the communication may thus bedetermined based on the overall score. The response may be a grant ordenial of access to one or more services requested by the individual.

A second aspect described herein provides a system for responding to acommunication received from an individual. The system may include atleast one processor and memory storing computer-readable instructionsthat, when executed by the at least one processor, cause the system toprovide components for responding to a communication received from anindividual. A communication portal may receive a communication from anindividual. An identification scoring engine may generate anidentification score that indicates the likelihood a claimed identity ofthe individual is the actual identity of the individual. A verificationscoring engine may generate a verification score that indicates thelikelihood a purported source of the communication is the actual sourceof the communication. An authentication scoring engine may generate anauthentication score that indicates the likelihood the individual hasbeen authenticated. A scoring aggregator may generate an overall scorefor the communication based on the identification score, verificationscore, and authentication score. A rules engine may determine a responseto the communication based on the overall score.

A third aspect described herein provides non-transitorycomputer-readable media having instructions that when executed cause acomputing device to determine a response received from an individual.The computing device may receive a communication from an individual at acommunication portal. The communication may request access to bankingservices from a banking system. The computing device may obtain anidentification score for the communication using an identificationscoring engine. The identification score may indicate the likelihoodthat a claimed identity of the individual is the actual identity of theindividual. The computing device may also obtain a verification scorefor the communication using a verification scoring engine. Theverification score may indicate the likelihood that the purported sourceof the communication is the actual source of the communication. Thecomputing device may additionally obtain an authentication score for thecommunication using an authentication engine. The authentication scoremay indicate the likelihood that the individual has been authenticated.The computing device may generate an overall score for the communicationusing a scoring aggregator. The overall score may be based on theidentification score, the verification score, and the authenticationscore. The computing device may grant the individual access to therequested banking services in response to a determination that theoverall score is above an upper score threshold. The computing devicemay decline to grant the individual access to the requested bankingservices in response to a determination that the overall score is belowa lower score threshold.

These and additional aspects will be appreciated with the benefit of thedetailed description provided below.

BRIEF DESCRIPTION OF THE DRAWINGS

Aspects of the disclosure may be implemented in certain parts, steps,and embodiments that will be described in detail in the followingdescription and illustrated in the accompanying drawings in which likereference numerals indicate similar elements. It will be appreciatedwith the benefit of this disclosure that the steps illustrated in theaccompanying figures may be performed in other than the recited orderand that one or more of the steps disclosed may be optional. It willalso be appreciated with the benefit of this disclosure that one or morecomponents illustrated in the accompanying figures may be positioned inother than the disclosed arrangement and that one or more of thecomponents illustrated may be optional.

FIG. 1 is a block diagram of an example operating environment in whichvarious aspects of the disclosure may be implemented.

FIG. 2 is a block diagram of example workstations and servers that maybe used to implement the processes and functions of one or more aspectsof the present disclosure.

FIG. 3 is a block diagram of an example of an implementation of anidentity, verification, and authentication scoring system.

FIG. 4 is a block diagram of an example workflow corresponding toscoring and responding to an incoming communication.

FIG. 5 is a flowchart of example method steps for scoring an incomingcommunication.

FIG. 6 is a flowchart of example method steps for determining a responseto a communication based on an overall score for the communication.

FIG. 7 is a flowchart of example method steps for determining anidentification score for a communication.

FIG. 8 is a flowchart of example method steps for determining averification score for a communication.

FIG. 9 is a flowchart of example method steps for determining anauthentication score for a communication.

FIG. 10 is a flowchart of example method steps for configuring rulesused to determine a response to a communication.

DETAILED DESCRIPTION

Aspects described herein provide improved approaches to identifying,verifying, and authenticating an individual requesting access to securedsystems or services. Aspects of the present disclosure may implemented,for example, to identify, verify, and authenticate a customer thatcontacts a banking system and requests access to bank accountinformation, customer information, or other banking services. Anidentification, verification, and authentication scoring system(“scoring system”) is provided that determines whether or not to grantan individual access to requested services based on informationassociated with the individual and information associated with acommunication received from the individual.

For clarity, the following terminology is adopted for use in the presentdisclosure. Communications refer to electric or electroniccommunications received from an individual. Communications received fromthe individual may be one or more wired communications, one or morewireless communications, or a combination of wired and wirelesscommunications. Examples of communications include phones calls from anindividual via landline or cellular telephone networks, onlinecommunications via the Internet, and other types of electric orelectronic communications that will be appreciated with the benefit ofthis disclosure. Through these communications, an individual may requestand be granted access to one or more banking systems or services.Communication information refers to information associated with acommunication received from the individual. Communication informationmay include information indicating the source of the communication. Fora phone call, communication information related to the source of thephone call includes the phone number the phone call was placed from. Foran online communication, communication information related to the sourceof the online communication includes one or more network addresses ordevice identifiers the online communication was transmitted from. Thesource of the communication also refers to a geographic location a phonecall, online communication, or other type of communication originatedat.

A claimed identity refers to an identity an individual represents ashaving. An actual identity refers to the true identity of an individual.Identification information refers to information that, either alone orin combination, indicates an identity of the individual. Examples ofidentification information include personal information associated withan individual (e.g., first and last name, birthday), information tokensassociated with an individual (e.g., account number, customer number,phone number, mailing address, username, digital certificate), and othertypes of information associated with an individual. Identificationinformation may be used to obtain authentication information, which mayin turn be used to confirm whether the claimed identity of an individualis the actual identity of the individual.

It will be appreciated that individuals may misrepresent their actualidentities and represent themselves as having a claimed identity thatdoes not match their actual identity. Identification information maythus also be used to obtain an identification score that indicates thelikelihood that a claimed identity is the actual identity of anindividual. An identification score may be a value that quantifies thelikelihood that a claimed identity is the actual identity of anindividual. Other types of identification scores that indicate thelikelihood that a claimed identity an individual is the actual identityof the individual may be selectively employed.

The ability to misrepresent at least some of the communicationinformation associated with a communication will also be recognized. Forexample, a communication may misrepresent its source, e.g., the phonenumber a phone call is placed from, the network address or deviceidentifier an online communication is transmitted from, or thegeographic location the communication originated at. Accordingly, thecommunication information associated with a communication received froman individual may be verified for accuracy.

Verification information refers to information that indicates whethercommunication information associated with a communication is accuratelyrepresented. Verification information may include information indicatingwhether the purported source of a communication received from anindividual is the actual source of the communication. The actual sourceof the communication refers to the true source of the communication,e.g., the true phone number a phone call was place from, the truenetwork addresses or device identifiers an online communication wastransmitted from, or the true geographic location a communicationoriginated at. The purported source of a communication refers to thesource the communication represented by the communication, e.g., thephone number a phone call represents as having been placed from, thenetwork addresses or device identifiers an online communicationrepresents as having been transmitted from, or the geographic location acommunication represents as having originated at.

Verification information may be used to obtain a verification score. Averification score indicates the likelihood that that the communicationinformation associated with the communication is accurately represented.The verification score may be a value that quantifies a likelihood thata purported source of the communication is the actual source of thecommunication. Other types of verification scores that indicate thelikelihood communication information associated with a communication isaccurately represented may be selectively employed.

In order to ensure that the claimed identity of the individual is theactual identity of the individual, the claimed identity individual maybe authenticated. Authentication information refers to information thatindicates whether the individual has been authenticated. Authenticationinformation may include answers to security questions presented to anindividual. Authentication information may also include informationrelated to a comparison of a voice print for the individual to a storedvoice print. The authentication information may be used to obtain anauthentication score that indicates the likelihood that the individualhas been authenticated. The authentication score may be a value thatquantifies the likelihood that the claimed identity of the individual isthe actual identity of the individual. Other types of authenticationscores that indicate the likelihood that the claimed identity matchesthe actual identity of an individual may be selectively employed.

Furthermore, it is to be understood that the phraseology and terminologyused herein are for the purpose of description and should not beregarded as limiting. Rather, the phrases and terms used herein are tobe given their broadest interpretation and meaning. The use of“including” and “comprising” and variations thereof is meant toencompass the items listed thereafter and equivalents thereof as well asadditional items and equivalents thereof. The use of the terms“mounted,” “connected,” “coupled,” “positioned,” “engaged” and similarterms, is meant to include both direct and indirect mounting,connecting, coupling, positioning and engaging. In addition, “set” asused in this description refers to a collection that may include oneelement or more than one element. Moreover, aspects of the disclosuremay be implemented in non-transitory computer-readable media havinginstructions stored thereon that, when executed by a processor, causethe processor to perform various steps described in further detailbelow. As used in this description, non-transitory computer-readablemedia refers to all computer-readable media with the sole exceptionbeing a transitory propagating signal.

FIG. 1 illustrates a block diagram of at least a portion of a scoringsystem 101 (e.g., a computer server) in communication system 100 thatmay be used according to an illustrative embodiment of the disclosure.The system 101 may have a processor 103 for controlling overalloperation of the system and its associated components, including RAM105, ROM 107, input/output (I/O) module 109, and memory 115.

I/O 109 may include a microphone, keypad, touch screen, and/or stylusthrough which a user of the scoring system 101 may provide input, andmay also include one or more of a speaker for providing audio output anda video display device for providing textual, audiovisual and/orgraphical output. Software may be stored within memory 115 and/orstorage to provide instructions to processor 103 for enabling the system101 to perform various functions. For example, memory 115 may storesoftware used by the system 101, such as an operating system 117,application programs 119, and an associated database 121. Processor 103and its associated components may allow the system 101 to run a seriesof computer-readable instructions to identify and authenticateindividuals as well as verify communications received from thoseindividuals.

The system 101 may operate in a networked environment supportingconnections to one or more remote computers, such as terminals 141 and151. The terminals 141 and 151 may be personal computers or servers thatinclude many or all of the elements described above relative to thesystem 101. Alternatively, terminal 141 and/or 151 may be a data storethat stores data used by the system 101. The network connectionsdepicted in FIG. 1 include a local area network (LAN) 125 and a widearea network (WAN) 129, but may also include other networks. When usedin a LAN networking environment, the system 101 is connected to the LAN125 through a network interface or adapter 123. When used in a WANnetworking environment, the system 101 may include a modem 127 or othermeans for establishing communications over the WAN 129, such as theInternet 131. It will be appreciated that the network connections shownare illustrative and other means of establishing a communications linkbetween the computers may be used. The existence of any of variouswell-known protocols such as TCP/IP, Ethernet, FTP, HTTP and the like ispresumed.

Additionally, one or more application programs 119 used by the scoringsystem 101 according to an illustrative embodiment of the disclosure mayinclude computer executable instructions for invoking functionalityrelated to processing and responding to access requests and tofacilitating access reviews.

The scoring system 101 and/or terminals 141 or 151 may also be mobileterminals, such as smart phones, personal digital assistants (PDAs), andthe like including various other components, such as a battery, speaker,and antennas (not shown).

The disclosure is operational with numerous other general purpose orspecial purpose computing system environments or configurations.Examples of well-known computing systems, environments, and/orconfigurations that may be suitable for use with the disclosure include,but are not limited to, personal computers, server computers, hand-heldor laptop devices, multiprocessor systems, microprocessor-based systems,set top boxes, programmable consumer electronics, network PCs,minicomputers, mainframe computers, and distributed computingenvironments that include any of the above systems or devices, and thelike.

The disclosure may be described in the general context ofcomputer-executable instructions, such as program modules, beingexecuted by a computer. Generally, program modules include routines,programs, objects, components, data structures, and the like thatperform particular tasks or implement particular abstract data types.The disclosure may also be practiced in distributed computingenvironments where tasks are performed by remote processing devices thatare linked, for example, through a communications network. In adistributed computing environment, program modules may be located inboth local and remote computer storage media including memory storagedevices.

Referring to FIG. 2, an illustrative system 200 for implementing methodsaccording to the present disclosure is shown. As illustrated, system 200may include one or more workstations/servers 201. Workstations 201 maybe local or remote, and are connected by one or more communicationslinks 202 to computer network 203 that is linked via communicationslinks 205 to the scoring system 204. In certain embodiments,workstations 201 may be different servers that communicate with thescoring system 204, or, in other embodiments, workstations 201 may bedifferent points at which the scoring system 204 may be accessed. Insystem 200, the scoring system 204 may be any suitable server,processor, computer, or data processing device, or combination of thesame.

Computer network 203 may be any suitable computer network including theInternet, an intranet, a wide-area network (WAN), a local-area network(LAN), a wireless network, a digital subscriber line (DSL) network, aframe relay network, an asynchronous transfer mode (ATM) network, avirtual private network (VPN), or any combination of any of the same.Communications links 202 and 205 may be any communications linkssuitable for communicating between workstations 201 and the scoringsystem 204, such as network links, dial-up links, wireless links,hard-wired links, and the like

The disclosure that follows in the figures may be implemented by one ormore of the components in FIG. 1 and FIG. 2 and/or other components,including other computing devices.

Referring now to FIG. 3, a block diagram of an example of animplementation of an identification, verification, and authenticationscoring system 300 is shown. The scoring system may be part of a bankingsystem 302 that includes a customer database 304, an agent serviceplatform 306, and one or more communication portals 308-312. Thecommunication portals 308-312, in this example, include an interactivevoice response (IVR) portal 308, a mobile portal 310, and an onlineportal 312. The banking system 302 may include additional componentsthat have been omitted from FIG. 3 for the purpose of clarity.

The customer database 304 of the banking system 302, in this example,stores a set 314 of customer profiles 316. The customer profiles 316, inthis example, include customer information relating to a bank customer.Customer information may include, for example, the name of the bankcustomer, contact information for the bank customer, and accountinformation for the bank customer. Customer information may also includeinformation the scoring system 300 may utilize to determine the identityor authenticate an individual such as answers to security questions,phone numbers or network address from which the individual haspreviously contacted the banking system, device identification numbersof devices the individual has previously used to contact the bankingsystem, and other types of information that may be utilized to identifyor authenticate an individual. Customer information may include othertypes of information related to bank customers, which will beappreciated by those knowledgeable in the art.

The agent service platform 306 is a platform that allows a customerservice agent to access banking resources on behalf of an individual.Through the agent service platform 306, a customer service agent mayaccess customer profile information, bank account information, and otherinformation related to banking services for an individual. The customerservice agent may also provide various banking services to theindividual through the agent service platform. Such banking services mayinclude, for example, updating personal information (e.g., mailingaddress), opening new accounts, closing existing accounts, transferringmoney between accounts, and other types of banking services providedremotely for the convenience of banking customers. A customer serviceagent may also utilize the agent service platform 306 to identify andauthenticate the individual. Accordingly, the agent service platform 306may be in communication with the customer database 304 to retrievecustomer profiles 316 as well as customer information and securityinformation associated with those profiles. In this way, a customerservice agent may also perform steps to identify and authenticate anindividual. For example, the agent service platform 306 may presentsecurity questions to pose to the individual during an authenticationprocess. The agent service platform 306, in this example, may alsopresent the answers to the security questions associated for comparisonto the answers received from the individual. As described below,identification and authentication may additionally or alternative beperformed automatically in some example implementations.

The IVR portal 308 provides access to the banking system 302 via a phonecall received from a telephone 318. The IVR portal 308 may route thephone call and provide access to banking services in response to voicecommands provided by the individual over the telephone 318. Thetelephone 318 may be, e.g., a landline telephone that access the IVRportal 308 through a public switched telephone network (PSTN) or may bea mobile telephone that accesses the IVR portal through a cellularnetwork.

The mobile portal 310 provides access to the banking system 302 via acommunication session with a mobile computing device 320. Communicationsused to access to the banking system 302 through the online portal 310are referred to as mobile communications in this description. In someexample implementations, mobile communications may include HyperTextTransfer Protocol (HTTP) requests. The mobile portal 310 may provideaccess to banking services via a mobile application 322 (“mobile app” or“app”) installed at the mobile computing device 320. Accordingly, themobile computing device 320 may be, e.g., a smartphone, a palmtopcomputer, a tablet computer, and other types of mobile computing devicesconfigured to run mobile applications. The mobile application 322 maythus be in communication with the mobile portal 310 through a wirelessnetworks (e.g., a cellular network), wired networks (e.g., theInternet), or a combination of wired or wireless networks.

The online portal 312 provides access to the banking system 302 via acommunication session with a computing device 324. Communications usedto access to the banking system 302 through the online portal 312 arereferred to as online communications in this description. In someexample implementations, mobile communications may include HTTPrequests. The online portal 312 may provide access to the banking system302 over the Internet and may thus comprise include one or more webpages and web services. Accordingly, the computing device 324 may be incommunication with the online portal 312 via a web browser 326 at thecomputing device. The computing device 324 may thus be, e.g., a desktopcomputer, a laptop computer, a tablet computer, a palmtop computer, asmartphone, and any other computing device capable of web access.

The portals 308-312 may prompt an individual for information such asidentification information, and information that may be used toauthenticate the identity of an individual. An individual may providethe requested information by speaking, typing, or keying the informationinto the telephone 318, mobile device 320, or computing device 324. Inresponse to receipt of the information, the portals 308-312 may providethe information to the scoring system 300. The portals may also providethe scoring system 300 with communication information associated with acommunication received from an individual.

The scoring system 300, in this example, includes: an identificationengine 328; a verification engine 330; an authentication engine 332; anidentification scoring engine 334; a verification scoring engine 336; anauthentication scoring engine 338; a scoring aggregator 340; a rulesengine 342; and a routing engine 344.

The identification engine 328, in operation, obtains identificationinformation associated with an individual requesting access to thebanking system 302 and provides the identification information to theidentification scoring engine 334. The identification engine 328 maydetermine an identity of the individual based on information receivedfrom the individual. Accordingly, the identification engine 328 mayprompt the individual for personal information or one or moreidentification tokens. The personal information or identification tokensreceived from an individual may thus correspond to the claimed identityof the individual. Additionally or alternatively, the identificationengine 328 may derive identification information associated with thecommunication device the individual uses to contact the banking system302. Accordingly, the identification engine 328 may determine a phonenumber, network address, or device identifier associated with thecommunication received from the individual.

In some example implementations, the identification engine 328 may beconfigured to determine the identity of the individual based on thevoice of the individual. The identification engine 328 may prompt theindividual to speak a key phrase that includes the first and last nameof the individual. The audio sample that includes the key phrase may beconverted to text, and the first name and last name may then beextracted from the text of audio sample. The identification engine 328may thus utilize the first and last name extracted from the text of theaudio as an identification token to determine the identity of theindividual. More information related to determining the identity of anindividual based on the voice of that individual may be found incommonly-owned U.S. patent application Ser. No. 14/041,012 entitled“CUSTOMER IDENTIFICATION THROUGH VOICE BIOMETRICS” and filed on Sep. 30,2013 which is incorporated by reference herein in its entirety.

The identification engine 328 may query the customer database 304 for acustomer profile 316 matching the identification information receivedfrom the individual or derived from the communication. Theidentification engine 328 may also query the customer database 304 forinformation associated with the customer profile 316 that matches theidentification information. If the individual provides an account numberas identification information, for example, then the identificationengine 328 may query the customer database 304 for a customer profile316 having a matching account number. Other examples of queries theidentification engine 328 may submit to the customer database 304 willbe appreciated with the benefit of this disclosure. The identificationengine 328 may also query the customer database for information relatedto previous communications associated with a customer profile 316.

The identification engine 328 may provide the identificationinformation, customer profile information, and information related toprevious communications associated with the customer profile to theidentification scoring engine 334. As discussed in further detail below,the identification scoring engine 334 may generate an identificationscore based on this information.

The verification engine 330, in operation, obtains verificationinformation associated with a communication received at one of thecommunication portals 308-312 from an individual requesting access tothe banking system 302 and provides the verification information to theidentification scoring engine 334. The verification engine 330, in thisexample, is configured to determine whether the communication accuratelypresents the communication information associated with thecommunication.

The verification engine 330 may, for example, be configured to determinewhether the communication has accurately represented or misrepresentedthe source of the communication. In some example implementations, theverification engine 330 may be configured to determine whether a phonecall has misrepresented the phone number the phone call was placed from.The verification engine 330 may additionally or alternatively beconfigured to determine whether a mobile communication or onlinecommunication has misrepresented a network address or device identifierthe communication was transmitted from. The verification engine 330 mayfurther be configured to determine whether the communication hasmisrepresented a geographic location the communication originated at.The verification information provided to the verification scoring engine338 may thus include information related to the purported source of thecommunication, the actual source of the communication, and whether thepurported source of the communication is the actual source of thecommunication. Various approaches and techniques to determining whethera communication has misrepresented its source are known to those skilledin the art and may be selectively employed in various implementations ofthe verification engine 330.

The verification engine 330 may provide the verification information tothe verification scoring engine 334. As discussed in further detailbelow, the verification scoring engine 334 may generate a verificationscore based on this information.

The authentication engine 332, in operation, obtains authenticationinformation associated with the individual. The authentication engine332 may query the customer database 304 for security informationassociated with a customer profile 316 corresponding to the claimedidentity of the individual. The security information may includesecurity questions and associated answers. Accordingly, theauthentication engine 332 may present security questions to theindividual through one of the communication portals 308-312 and receiveanswers from the individual in response. The authentication informationprovided to the authentication scoring engine 338 may thus include theanswers associated with the security questions and the answers receivedfrom the individual.

The security information may also include a stored voice printassociated with a customer profile 316 associated with the claimedidentity of the individual. Accordingly, the authentication engine 332thus prompt the individual for a voice sample and provide the voicesample received from the individual to a voice biometrics engine (notshown). The voice biometrics engine may obtain a voice print based onthe voice sample and compare the voice print the voice sample to thestored voice print associated with the customer profile 316. Theauthentication information provided to the authentication scoring engine338 may thus also include information related to the comparison of thevoice print to the stored voice print.

The authentication engine 332 may provide the authentication informationto the authentication scoring engine 338. As discussed in further detailbelow, the authentication scoring engine 334 may generate anauthentication score based on this information.

The identification scoring engine 334, in operation, generates anidentification score for the individual requesting access to the bankingsystem 302. The identification score, in this example, indicates thelikelihood that the claimed identity of the individual is the actualidentity of the individual. The identification score may be a value thatquantifies the likelihood that the claimed identity of the individual isthe actual identity of the individual. For example, the identificationscore may range from zero to one hundred (0-100) with values closer tozero indicating a relatively low likelihood that the claimed identity ofthe individual is the actual identity of the individual and valuescloser to one hundred indicating a relatively high likelihood that theclaimed identity of the individual is the actual identity of theindividual. The identification scoring engine 334 may receive theidentification information from the identification engine 328 and usethe identification information to determine the identification score. Insome example implementations, the identification scoring engine 334 mayrefer to one or more rules maintained by the rules engine 342 whengenerating the identification score. The identification scoring engine334 may provide the identification score to the scoring aggregator 340.Generating an identification score will be discussed in further detailbelow with reference to FIG. 7.

The verification scoring engine 336, in operation, generates averification score for a communication received from the individualrequesting access to the banking system 302. The verification score, inthis example, indicates the likelihood that communication informationassociated with the communication (e.g., the source of thecommunication) is accurately represented. The verification score may bea value that quantifies the likelihood that communication informationassociated with the communication is accurately represented. Forexample, the verification score may range from zero to one hundred(0-100) with values closer to zero indicating a relatively lowlikelihood that communication information associated with thecommunication is accurately represented and values closer to one hundredindicating a relatively high likelihood that communication informationassociated with the communication is accurately represented. Theverification scoring engine 336 may receive the verification informationfrom the verification engine and use the verification information todetermine the verification score. In some example implementations, theverification scoring engine 336 may refer to one or more rulesmaintained by the rules engine 342 when generating the verificationscore. The verification scoring engine 336 may provide theidentification score to the scoring aggregator 340. Generating anidentification score will be discussed in further detail below withreference to FIG. 8.

The authentication scoring engine 338, in operation, generates anauthentication score for the individual requesting access to the bankingsystem 302. The authentication score, in this example, indicates thelikelihood that the individual has been authenticated. Theauthentication score may be a value that quantifies the likelihood thatthe individual has been authenticated. For example, the authenticationscore may range from zero to one hundred (0-100) with values closer tozero indicating a relatively low likelihood that the individual has beenauthenticated and values closer to one hundred indicating a relativelyhigh likelihood that the individual has been authenticated. Theauthentication scoring engine 338 may receive the authenticationinformation from the authentication engine and use the authenticationinformation to determine the authentication score. In some exampleimplementations, the authentication scoring engine 338 may refer to oneor more rules maintained by the rules engine 342 when generating theauthentication score. The authentication scoring engine 338 may providethe identification score to the scoring aggregator 340. Generating anauthentication score will be discussed in further detail below withreference to FIG. 9.

The scoring aggregator 340, in operation, generates an overall scorethat may be used to route the communication from the individual. Thescoring aggregator 340, in this example, receives the identificationscore from the identification scoring engine 334, the verification scorefrom the verification scoring engine 336, and the authentication scorefrom the authentication engine 338. Various approaches to generating theoverall score may be selectively employed. In one exampleimplementation, the overall score may be the arithmetic mean of theidentification score, verification score, and authentication score.Other approaches to generating the overall score may be selectivelyemployed.

The overall score corresponds to a confidence level that the individualrequesting access to the banking services has been accurately identifiedand authenticated. In other words, the overall score corresponds to aconfidence level that the individual requesting access to bankingservices is authorized to access those services. The overall score maybe a value that quantifies this confidence level. For example, theoverall score may range from zero to one hundred with values closer tozero indicating relatively low confidence that the individual isauthorized to access the requested banking resources and values closerto one hundred indicating a relatively high confidence that theindividual is authorized to access the requested banking resources. Thescoring aggregator 340 may provide the overall score to the rules engine342.

The rules engine 342, in operation, determines a response to acommunication received from an individual based on the overall scoregenerated for the communication. Since the overall score indicates aconfidence level that an individual is authorized to access requestedbanking resources, the rules engine 342 may determine whether to grantor deny the individual access to the banking services requested. Therules engine 342 may employ thresholds to determine how to respond to acommunication from an individual based on the overall score generatedfor that communication. Depending on the overall score for thecommunication, the rules engine 342 may determine, for example, denyaccess to the requested banking services and terminate thecommunication, grant access to the requested services and route thecommunication to the appropriate banking system that provides therequested services, or route the communication to the agent serviceplatform 306 to allow a customer service agent to further assist theindividual. Accordingly, the rules engine 342 may provide instructionsto the routing engine 344 with respect to how to route the communicationreceived from the individual.

The rules engine 342 may also be in communication with theidentification scoring engine 334, the verification scoring engine 336,and the authentication scoring engine 338. The rules engine 342 mayprovide rules to the scoring engines 334-338, and the scoring enginesmay apply the rules when generating the respective identification,verification, and authentication scores. The rules may specify criteriathat, when satisfied, cause the a scoring engine 334-338 to increase ordecrease the score generated by that scoring engine. The criteria of therules may relate to the identification, verification, or authenticationinformation respectively received from the identification engine 328,verification engine 330, or authentication engine 332. The rulesmaintained by the rules engine 342 may be dynamically configurable toindicate a desired response to a communication or to indicate criteriathat cause an identification, verification, or authentication score tobe raised or lowered. The rules engine 342 will be discussed in furtherdetail below with reference to FIG. 10.

The routing engine 344, in operation, routes a communication receivedfrom an individual based on instructions received from the rules engine342. For example, the routing engine may route a phone call to the agentservice platform 306 to connect the individual to a customer serviceagent. The routing engine may also route a mobile or onlinecommunication to resources that provide automated remote access tobanking information and services. The routing engine 344 may alsoterminate the communication if the rules engine 342 determines theindividual is not authorized to access the requested resources. In someexample implementations, the routing engine 344 may forward thecommunication for investigation in response to instructions receivedfrom the rules engine.

Referring now to FIG. 4, a block diagram of an example workflowcorresponding to scoring and responding to an incoming communication isshown. A communication device 350 may send a communication 352 to acommunication portal 354 of, e.g., a banking system. As mentioned above,the communication device 350 may be, e.g., a landline telephone, amobile telephone, a smartphone, or a computing device. As also mentionedabove, the communication portal 354 may be an IVR portal, a mobileportal, or online portal. The communication portal 354 may provideobtain communication information 356 associated with the communication352, and may provide the communication information to an identificationengine 328, a verification engine 330, and an authentication engine 332.

The identification engine 328 may obtain identification information 358based on the communication information 356, the verification engine 330may obtain verification information 360 based on the communicationinformation, and the authentication engine 332 may obtain authenticationinformation 362 based on the communication information as describedabove. The identification engine 328 may provide the identificationinformation 358 to the identification scoring engine 334, theverification engine 330 may provide the verification information 360 tothe verification scoring engine 336, and the authentication engine 332may provide the authentication information 362 to the authenticationscoring engine as also described above. In turn, the identificationscoring engine 334 may generate an identification score 364, theverification scoring engine 336 may generate a verification score 366,and the authentication coring engine 338 may generate an authenticationscore 368 as further described above.

The scoring aggregator 340 may receive the identification score 364, theverification score 366, and the authentication score 368. The scoringaggregator 340 may generate an overall score 370 based on theidentification score 364, the verification score 366, and theauthentication score 368 as described above. The scoring aggregator 340may provide the overall score 370 to the rules engine 342, and the rulesengine may instruct the routing engine 344 based on the overall score.

FIG. 5 is a flowchart 500 of example method steps for scoring anincoming communication. A communication may be received from anindividual at a communication portal (block 502). The communicationportal may provide at least a portion of the communication informationassociated with the communication received to an identification engine(block 504), and the identification engine may determine anidentification score based at least in part on the communicationinformation received (block 506). The communication portal may alsoprovide at least a portion of the communication information associatedwith the communication received to a verification engine (block 508),and the verification engine may determine a verification score based atleast in part on the communication information received (block 510). Thecommunication portal may additionally provide at least a portion of thecommunication information associated with the communication received toan authentication engine (block 512), and the authentication engine maydetermine an authentication score based at least in part on thecommunication information received (block 514).

The identification score, verification score, and authentication scoremay be provided to the scoring aggregator (block 516), and the scoringaggregator may aggregate these scores to obtain the overall score forthe communication (block 518). The scoring aggregator may provide theoverall score to the rules engine in order to determine a response tothe communication (block 520). The response indicated by the rulesengine may then be carried out (block 522) in response to thecommunication.

In FIG. 6 is a flowchart 600 of example method steps for determining aresponse to a communication based on an overall score for thecommunication is shown. An overall score for the communication may beobtained (block 602) as described above. As mentioned above, the rulesengine may employ thresholds to determine the response to thecommunication, e.g., an upper score threshold (e.g., 95/100) and a lowerscore threshold (70/100). The rules engine may first compare the overallscore to the lower score threshold (block 604). If the overall score isbelow than the lower score threshold (block 606:Y), then the scoringsystem may determine Accordingly, the rules engine may determine toterminate the communication (block 608) and issue terminationinstructions to the routing engine. If the overall score is not belowthe lower score threshold (block 606:N), then the rules engine maycompare the overall score to the upper score threshold (block 610). Ifthe overall score is above the upper score threshold (block 612:Y), thenthe rules engine may determine to grant the individual access to therequested services (block 614).

If the overall score is between the lower score threshold and the upperscore threshold—i.e., if the overall score is above the lower scorethreshold (block 606:N) but below the upper score threshold (block612:N)—then additional steps may be performed in order to authenticatethe individual. For example, the customer database may be queried forsecurity questions and corresponding answers associated with thecustomer profile of the claimed identity of the individual. Theindividual may be challenged with one or more security questions (block616), e.g., automatically through one of the communication portals orfrom a customer service agent.

If the user provides correct answers to the security questions (block618:Y) then the rules engine may grant the individual access to therequested services (block 614). If, however, the user does not providecorrect answers to the security questions (block 618:N), then the rulesengine may determine to terminate the communication (block 608).Additionally or alternatively, the rules engine may forward thecommunication for investigation (block 620) if the user does not providecorrect answers to the security questions. The rules engine maydetermine whether to grant access or terminate the communication basedon a total number of security questions answered correctly orincorrectly. Additionally or alternatively, the rules engine maydetermine whether to grant access or terminate the communication basedon a percentage of security questions answered correctly or incorrectly.In this way, the rules engine may accommodate one or more wrong answersfrom an individual before determining to terminate the communication.

In FIG. 7, a flowchart 700 of example method steps for determining anidentification score for a communication is shown. A communicationportal may receive a communication from an individual (block 702) andthe identification engine may prompt the individual for identificationinformation (block 704), e.g., an account number, customer number, orkey phrase including a first and last name. The identificationinformation may indicate a claimed identity of the individual. Theidentification engine may then retrieve a profile and correspondingprofile information associated with the claimed identity of theindividual (block 706).

The identification engine may then prompt the individual to provideadditional identification information (block 708) for comparison to theprofile information (block 710). For example, having determined aclaimed identity, the identification engine may prompt the individualfor a personal identification number (PIN) or birth date for comparisonto the PIN or birth date stored with the profile for the claimedidentity. If the additional identification information received from thecustomer matches the identity information stored with the profile forthe claimed identity (block 712:Y), then the identification scoringengine may increase the identification score (block 714). If, however,the additional identification information received from the customerdoes not match the identity information stored with the profile for theclaimed identity (block 712:N), then the identification scoring enginemay increase the identification score (block 716).

In order to generate an identification score, the identification enginemay also retrieve information associated with previous communicationsassociated with the claimed identity (block 718). The identificationengine may then provide to the identification scoring engine thecommunication information associated with the current communicationreceived from the individual and the information associated with theprevious communications for comparison. The identification scoringengine may then compare a characteristic of the current communication tocorresponding characteristics of the previous communications (block720). If the characteristic of the current communications matches acorresponding characteristic of at least one of the previouscommunications (block 722:Y), then the identification engine mayincrease the identification score (block 714). If, however, thecharacteristic of the current communication does not match acorresponding characteristic of any of the previous communications, thenthe identification scoring engine may decrease the identification score(block 716). As an example, the identification scoring engine maycompare the source of the current communication to the source ofprevious communications, e.g., a phone number, network address, deviceidentifier, or geographic location. In this example, if the source ofthe current communication matches the source of at least one of theprevious communications, then the identification scoring engine mayincrease the identification score because the source of the currentcommunication is recognized. If, however, the source of the currentcommunication does not match the source of any of the previouscommunications, then the identification scoring engine may decrease theidentification score because the source of the current communication isnot recognized. Having determined the identification score, theidentification scoring engine may provide the identification score tothe scoring aggregator (block 724) to use for determining the overallscore for the communication.

The identification engine may employ various approaches to determiningthe identity score. In some example implementations, the identificationengine may sum a set of values (e.g., x₁+x₂+x₃+ . . . +x_(n))corresponding to identification information items. In this example, theidentification engine may increase or decrease the identification scorethrough the sign of each value, e.g., a positive sign (+) whereidentification information received from the customer matches storedidentification information and a negative sign (−) where identificationinformation received from the customer does not match the storedidentification information.

In other example implementations, the identification engine may sum aset of weighted values (e.g., (w₁×x₁)+(w₂×x₂)+(w₃×x₃)+ . . .+(w_(n)×x_(n)). In this example, the identification engine may increaseor decrease the identification score by adjusting the weight of a value,e.g., a weight greater than zero where identification informationreceived from the customer matches stored identification information anda weight less than or equal to zero where identification informationreceived from the customer does not match the stored identificationinformation. In further implementations, the identification engine maystart with a based identification score and increase or decrease theidentification score by adding to or subtracting from the baseidentification score when an individual provides identificationinformation that matches or does not match the stored identificationinformation. Other approaches to generating the identification score maybe selectively employed.

The identification scoring engine may also refer to the rules engine forany rules directed towards generating the identification score. Therules engine may maintain, for example, rules specifying particularvalues or weights for certain types of identification information. Inthis way, some identification information items may contributerelatively more or less to the identification score. As an example,rules for the identification scoring engine may specify a relativelylower value or weight for an account number and a relatively highervalue or weight for a PIN since a PIN may be less easily obtainablerelative to an account number. Other examples will be appreciated.

In FIG. 8, a flowchart 800 of example method steps for determining averification score for a communication is shown. A communication may bereceived from an individual at a communication portal (block 802), andthe verification engine may receive communication information associatedwith the communication (block 804). The verification engine maydetermine the purported origin of the communication (block 806), e.g.,the phone number, network address, device identifier, or geographiclocation the communication represents as having originated at. Theverification engine may determine whether the purported origin of thecommunication is the actual origin of the communication (block 808).

If the purported origin of the communication is the actual origin of thecommunication (block 810:Y), then the verification engine may increasethe verification score (block 812). If, however, the purported origin ofthe communication is not the actual origin of the communication (block810:N), then the verification engine may decrease the verification score(block 814). The verification engine may provide the verification scoreto the scoring aggregator (block 820) to use for determining the overallscore for the communication.

The verification engine may generate the verification score in a mannerthat is similar to the generation of the identification score describedabove. Additionally, the verification engine may verify multiple sourcesof the communication, e.g., the phone number and the geographic locationa phone call represents as having originated at and, e.g., the networkaddress, device identifier, and geographic location a mobile or onlinecommunication represents as having originated at. The verificationscoring engine may also refer to the rules engine for any rules directedtowards generating the verification score. The rules engine maymaintain, for example, rules specifying particular values or weights fordifferent types of sources of the communication. As an example, rulesfor the verification scoring engine may specify different weights forphone numbers, network address, device identifiers, and geographiclocations. Other examples will be appreciated.

In FIG. 9, a flowchart 900 of example method steps for determining anauthentication score for a communication is shown. In this example, theauthentication score is generated through an analysis of a voice printof the individual and answers to knowledge-based authentication (KBA)security questions. A communication may be received from an individualat a communication portal (block 902), and a claimed identity of theindividual may be determined (block 904). The authentication engine mayprompt the individual for a voice sample (block 906) and obtain a voiceprint for the voice sample received (block 908). The authenticationengine may then retrieve a stored voice print for the claimed identityand compare the voice prints (block 910), e.g., using a voice biometricengine. The voice biometric engine may provide a voice print score thatindicates how closely the voice prints match. The authentication enginemay then compare the voice print score to an upper and lower voice printscore threshold. If the voice print score is above the upper voice printscore threshold (block 912:Y), then the authentication engine maydetermine that the individual has been sufficiently authenticated andmay increase the authentication score (block 914). If the voice printscore is not above the upper voice print score threshold (block 912:N)and is below the lower voice print score (block 916:Y), then theauthentication engine may determine that the individual cannot beauthenticated and may decrease the authentication score (block 918).

If, however, the voice print score is between the upper voice scorethreshold and the lower voice score threshold, the authentication enginemay perform additional steps to authenticate the individual. In thisexample, the authentication engine may challenge the individual with oneor more security questions (block 920) and adjust the authenticationscore based on whether the individual provides correct answers to thesecurity questions. If the individual provides a correct answer to asecurity question, then the authentication engine may increase theauthentication score (block 924). If the individual provides anincorrect answer to a security question, then the authentication enginemay decrease the authentication score (block 926). The authenticationengine may challenge the individual with one or more security questions.If the individual answers a security question incorrectly, theauthentication engine may again challenge the individual (block 928:Y)with another security question. Once the authentication engine is donechallenging the individual (block 928:N), the authentication engine mayprovide the authentication score to the scoring aggregator (block 930)to use for determining the overall score for the communication.

The authentication engine may generate the authentication score in amanner that is similar to the generation of the identification scoredescribed above. The authentication scoring engine may also refer to therules engine for any rules directed towards generating theauthentication score. The rules engine may maintain, for example, rulesspecifying particular values or weights for different securityquestions, rules indicating how many security questions to challenge theindividual with, and other types of rules directed towardsauthenticating the individual.

In FIG. 10, a flowchart 1000 of example method steps for configuringrules used to determine a response to a communication. In this example,the rules engine is configured with a rule to respond to a recent trendobserved with respect to received communications (block 1002). Theobserved trend may relate to the characteristics of the communicationitself (e.g., the source of the communication) as well ascharacteristics of the individual that sent the communication (e.g., thefirst and last name provided by the individual). In response to anobserved trend a rule may be defined with trend criteria and an actionto perform when the trend criteria is satisfied (block 1004). The trendcriteria may also relate to, e.g., the characteristics of thecommunication or the individual that sent the communication. The actionmay indicate, e.g., how to route the communication or particular valuesto use when determining the identification, verification, orauthentication score. The rules engine may thus be configured with anydefined rules (block 1006).

A communication may then be received at a communication portal (block1008), and communication information associated with the communicationmay be provided to the rules engine (block 1010). The rules engine maycompare the communication information to one or more defined rules inorder to determine whether the communication information satisfies thecriteria of the rules (block 1012). In the criteria of a rule is notsatisfied (block 1012:N), then the rules engine might not apply the rule(block 1014). If, however, the criteria of a rule is satisfied (block1012:Y), then the rules engine may apply the rule (block 1016) andperform the action defined for the rule (block 1018).

As an example, a banking system may observe multiple phone callsoriginating from the same geographic location that misrepresent thephone number the call was placed from. Accordingly, the banking systemmay define a rule for this observed trend. The criteria for the rule mayspecify the geographic location associated with the trend, and theaction for the rule may specify that phone calls satisfying the criteriashould be sent for investigation. Accordingly, subsequent phone callsoriginating at the specified geographic location and misrepresentingtheir phone numbers may be forwarded to an investigation team byapplying the rule. Other examples will be appreciated with the benefitof this disclosure.

Aspects of the disclosure have been described in terms of illustrativeembodiments thereof. In particular, aspects of the present disclosurehave been described by way of example in the context of determiningwhether to grant access to banking resources provided by a bankingsystem. Numerous other embodiments, modifications and variations withinthe scope and spirit of the appended claims will occur to persons ofordinary skill in the art from a review of this disclosure. For example,aspects of the present disclosure may be implemented in other contextswhere it is desirable to identify and authenticate an individual as wellas verify communications received from the individual. Additionally, oneof ordinary skill in the art will appreciate that the steps illustratedin the illustrative figures may be performed in other than the recitedorder, and that one or more steps illustrated may be optional inaccordance with aspects of the disclosure.

What is claimed is:
 1. A computer-implemented method of responding to acommunication from an individual comprising: receiving a communication;obtaining an identification score for the communication wherein theidentification score indicates a likelihood that a claimed identity ofthe individual is an actual identity of the individual; obtaining averification score for the communication wherein the verification scoreindicates a likelihood that a purported source of the communication isan actual source of the communication; obtaining an authentication scorefor the communication wherein the authentication score indicates alikelihood that the individual has been authenticated; generating anoverall score for the communication based on the identification score,the verification score, and the authentication score; and determining aresponse to the communication based on the overall score.
 2. The methodof claim 1 wherein determining a response to the communication includes:comparing the overall score to an upper score threshold; and grantingaccess to one or more services when the overall score is above the upperscore threshold.
 3. The method of claim 2 wherein determining a responsefurther includes: comparing the overall score to a lower scorethreshold; and declining to grant access to the one or more serviceswhen the overall score is below the lower score threshold.
 4. The methodof claim 3 wherein determining a response further includes: forwardingthe communication for investigation when the overall score is below thelower score threshold.
 5. The method of claim 1 wherein determining theidentity score includes: retrieving a profile associated with theclaimed identity; prompting the individual for an identification tokenassociated with the claimed identity; comparing the identification tokento a corresponding identification token associated with the profile;increasing the identification score when the identification tokenmatches the corresponding identification token; and decreasing theidentification score when the identification token does not match thecorresponding identification token.
 6. The method of claim 5 wherein theidentification token is one of: an access code; an account number; and aphrase spoken by the individual that includes a first name and a lastname associated with claimed identity.
 7. The method of claim 1 whereindetermining the identity score includes: retrieving information relatedto one or more previous communications associated with the claimedidentity; comparing a characteristic of the communication to respectivecorresponding characteristics of the one or more previouscommunications; increasing the identification score when thecharacteristic of the communication matches the correspondingcharacteristic of one of the previous communications; and decreasing theidentification score when the characteristic of the communication doesnot match any of the corresponding characteristics of the one or moreprevious communications.
 8. The method of claim 7 wherein: thecommunication is a phone call received from the individual and thecharacteristic of the communication is a phone number the individualcalled from; and the previous communications are previous phone callsassociated with the claimed identity and the correspondingcharacteristics are respective phone numbers the previous phone callswere called from.
 9. The method of claim 7 wherein: the communication isan online communication received from the individual and acharacteristic of the communication is a network address the onlinecommunication was received from; and the previous communications areprevious online communications associated with the claimed identity andthe corresponding characteristics are respective network addresses theprevious online communications were received from.
 10. A system forresponding to a communication received from an individual comprising: atleast one processor; and memory storing computer-readable instructionsthat, when executed by the at least one processor, cause the system toprovide a communication portal configured to receive a communicationfrom an individual, an identification scoring engine configured togenerate an identification score wherein the identification scoreindicates a likelihood that a claimed identity of the individual is anactual identity of the individual, a verification scoring engineconfigured to generate a verification score for the communicationwherein the verification score indicates a likelihood that a purportedsource of the communication is an actual source of the communication, anauthentication scoring engine configured to generate an authenticationscore for the communication wherein the authentication score indicates alikelihood that the individual has been authenticated, a scoringaggregator configured to generate an overall score for the communicationbased on the identification score, the verification score, and theauthentication score, and a rules engine configured to determine aresponse to the communication based on the overall score.
 11. The systemof claim 10 wherein: the rules engine is further configured to determineto grant the individual access to one or more services responsive to adetermination that the overall score is above an upper score threshold,determine not to grant the individual access to one or more servicesresponsive to a determination that the overall score is below a lowerscore threshold, and determine to prompt the individual forauthentication information responsive to a determination that theoverall score is below the upper score threshold and above the lowerscore threshold.
 12. The system of claim 11 wherein: the authenticationinformation includes one or more answers received from the individual inresponse to one or more security questions presented to the individual;and the rules engine is further configured to determine whether to grantthe individual access to the one or more services based on a number ofcorrect answers of the one or more answers received from the individual.13. The system of claim 10 wherein the instructions, when executed bythe at least one processor further cause the processor to provide: anidentification engine configured to obtain identification informationrelated to the individual and provide the identification information tothe identification scoring engine to use when determining theidentification score; a verification engine configured to obtainverification information related to the purported source of thecommunication and provide the verification information to theverification scoring engine to use when determining the verificationscore; and an authentication engine configured to obtain authenticationinformation related to the individual and provide the authenticationinformation to the authentication scoring engine to use when determiningthe authentication score.
 14. The system of claim 13 wherein: thecommunication is a phone call received from the individual; thepurported source of the phone call is a purported phone number the callwas received from; the actual source of the phone call is an actualphone number the call was received from; and the verification enginefurther, in operation, obtains the verification information bydetermining whether the purported phone number the phone call wasreceived from is the actual phone number the phone call was receivedfrom.
 15. The system of claim 13 wherein: the communication is an onlinecommunication received from the individual; the purported source of theonline communication is a purported network address the onlinecommunication was received from; the actual source of the onlinecommunication is an actual network address the online communication wasreceived from; and the verification engine is further configured toobtain the verification information by determining whether the purportednetwork address the online communication was received from is the actualnetwork address the online communication was received from.
 16. Thesystem of claim 13 wherein: the purported source of the communication isa purported geographic location the communication originated at; theactual source of the communication is an actual geographic location thecommunication originated at; and the verification engine is furtherconfigured to obtain the verification information by determining whetherthe purported geographic location the communication originated at is theactual geographic location the communication originated at.
 17. Thesystem of claim 10 wherein: the rules engine is configurable with one ormore rules that indicate a selected response to the communication whenone or more criteria of the rule is satisfied; and the criteria relateto at least one of one or more characteristics associated with theindividual, one or more characteristics associated with thecommunication, and combinations thereof.
 18. Non-transitorycomputer-readable media having instructions that, when executed, cause acomputing device to: receive a communication from an individual at acommunication portal wherein the communication requests access to one ormore banking services from a banking system; obtain an identificationscore for the communication using an identification scoring enginewherein the identification score indicates a likelihood that a claimedidentity of the individual is an actual identity of the individual;obtain a verification score for the communication using a verificationscoring engine wherein the verification score indicates a likelihoodthat a purported source of the communication is an actual source of thecommunication; obtain an authentication score for the communicationusing an authentication scoring engine wherein the authentication scoreindicates a likelihood that the individual has been authenticated;generate an overall score for the communication using a scoringaggregator wherein the overall score is based on the identificationscore, the verification score, and the authentication score; and grantthe individual accesses to the one or more banking services responsiveto a determination that the overall score is above an upper scorethreshold; and decline to grant the individual access to the one or morebanking services responsive to a determination that the overall score isbelow a lower score threshold.
 19. The computer-readable media of claim18 wherein the instructions, when executed, further cause the computingdevice to: obtain identification information related to the individualusing an identification engine and provide the identificationinformation to the identification scoring engine to use when determiningthe identification score; obtain verification information related to thepurported source of the communication and provides the verificationinformation to the verification scoring engine to use when determiningthe verification score; and obtain authentication information related tothe individual and provides the authentication information to theauthentication scoring engine to use when determining the authenticationscore.
 20. The computer-readable media of claim 19 wherein theinstructions, when executed, further cause the computing device to:present one or more security questions to the individual using theauthentication engine wherein the authentication information includesone or more answers received from the individual in response to thesecurity questions presented to the individual; and prompt theindividual for a voice sample, obtain a voice print for the voice sampleusing a voice biometric engine, obtain a stored voice print associatedwith claimed identity of the individual, and compare the voice print tothe stored voice print in order to obtain a voice print score whereinthe authentication information includes the voice print score.